Hi!

Is there any real reason not to use python-ptrace?

I already know the memory address that I want to change, so no use in looking for it with the locator function. However there seems to be no way to do this:

from memorpy import *
mw=MemWorker(name="some-process.exe")
a = <Addr: 0x004BC97>
a.write(1)

It seems to be a python limitation (no ability to store a memory address, can only reference the address of the previous instruction with _), is there a way to do what I am trying to do?

Hello,

are you planning on supporting Python 3, please?

If I wanted to try to make it work in Python 3, was there any particular problem with Python 3 that you've encountered (e.g. are there some dependencies which also don't support it)?

Thanks :)

Hi!

It's possible to reuse Linux backend to be used in SunOS. To do so next things should be done:

1. Migration to psutil (SunOS have binary proc, and in psutil there is already code, which can be reused between linux and solaris).
2. Search C library using ctypes.util.find_library("c")
3. Avoiding to use ptrace (looks like there is no need to attach to process to to read address space)
4. Use /as instead of /mem
5. Do not treat absence of open64 as absence of Large file support.

I can write patch/PR request this, it this looks acceptable for you (1)

I need to install memorpy on ubuntu so i can use it with Pupy, but it requires python win32 extensions that aren't available on ubuntu. Is there any way to load it on Pupy?

OS X, python 2.7.13, memorpy 1.7

mw=MemWorker(pid=42723)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/site-packages/memorpy/MemWorker.py", line 35, in __init__
    self.process = Process.Process(name=name, pid=pid, debug=debug)
  File "/usr/local/lib/python2.7/site-packages/memorpy/OSXProcess.py", line 67, in __init__
    self._open()
  File "/usr/local/lib/python2.7/site-packages/memorpy/OSXProcess.py", line 81, in _open
    raise ProcessException("task_for_pid failed with error code : %s"%ret)
memorpy.BaseProcess.ProcessException: task_for_pid failed with error code : 5

So with what python version is this supposed to work? Python3 it doesn't work. Python 2.7.13 on W10 64 bit latest updates there are errors in just the few methods I tried. Mem_replace and umem_replace gives errors:

from memorpy import *
mw=MemWorker(name='notepad++.exe')
mw.mem_replace("lets replace this","pwned")

Traceback (most recent call last):
  File "C:/Users/user/PycharmProjects/memorri/main.py", line 3, in <module>
    mw.mem_replace("lets replace this","pwned")
  File "C:\Users\user\PycharmProjects\memorri\memorpy\MemWorker.py", line 62, in mem_replace
    if self.process.write_bytes(start_offset, replace) == 1:
  File "C:\Users\user\PycharmProjects\memorri\memorpy\WinProcess.py", line 210, in write_bytes
    address = int(address)
TypeError: int() argument must be a string or a number, not 'tuple'

Furthermore somehow it cant find the pid from notepad.exe. Getting a handle works if passing the pid but then the rest of the example with replacing a string does not even work...

from memorpy import *
mw=MemWorker(name='notepad.exe')

Traceback (most recent call last):
  File "C:/Users/user/PycharmProjects/memorri/main.py", line 2, in <module>
    mw=MemWorker(name='notepad.exe')
  File "C:\Users\user\PycharmProjects\memorri\memorpy\MemWorker.py", line 34, in __init__
    self.process = Process.Process(name=name, pid=pid, debug=debug)
  File "C:\Users\user\PycharmProjects\memorri\memorpy\WinProcess.py", line 44, in __init__
    self._open_from_name(name, debug=debug)
  File "C:\Users\user\PycharmProjects\memorri\memorpy\WinProcess.py", line 149, in _open_from_name
    raise ProcessException("can't get pid from name %s" % processName)
memorpy.BaseProcess.ProcessException: can't get pid from name notepad.exe

After this I quit with the module, seemed like an awesome thing to use though.

When installing it for python 3 using anaconda, it returns an error message:

ERROR: Command "python setup.py egg_info" failed with error code 1 in C:\Users

I could fix a good few things to do with windows in this library.

I have spent to much time to try to read x64 bit process memory from a x86 bit process without success, so maybe someone could help me.

There are some points I have noticed:

• VirtualQueryEx64 should be used instead of VirtualQueryEx used right now to iter memory address space. So this function should be uncommented.

• From a x86 process, NtWow64ReadVirtualMemory64 should be used automatically if the remote process it a x64 bits.

• When I call this function, I always have a Windows error code "2" which I suppose the offset does not exists. I think casting the address as an int is not a good idea (but even removing the cast, it does not change anything).

I already have tested all points I have noticed, without success. All functions needed to read x64 memory process from a x86 process are already defined in the project so I suppose you already work on it.

Technically it should be possible. Some projects already implement it:

• https://github.com/giampaolo/psutil/blob/master/psutil/arch/windows/process_info.c
• https://github.com/rwfpl/rewolf-wow64ext
• https://cybercoding.wordpress.com/2011/10/14/delphipeb-from-wow64-process/

In the

READ.ME example it says shows umem_search returning a list of tuples.

>> l=[x for x in mw.umem_search("hello")]
>> l

[('', <Addr: 0x003287B0>)]

However it should just return a lists of addresses:
>>> from memorpy import *
>>> mw = MemWorker(pid=pid1)
>>> 
>>> l=[x for x in mw.umem_search("hello")]
>>> l
[<Addr: 0x7F68C83B0770>, <Addr: 0x7F68C83B3D5C>, <Addr: 0x7F68C83B6024>, <Addr: 0x7F68C8A7A0A2>]
>>> l.dump
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: 'list' object has no attribute 'dump'
>>> l.dump()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: 'list' object has no attribute 'dump'
>>> a=l[0][0]
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: 'Address' object does not support indexing
>>> a=l[0]
>>> a
<Addr: 0x7F68C83B0770>
>>> l
[<Addr: 0x7F68C83B0770>, <Addr: 0x7F68C83B3D5C>, <Addr: 0x7F68C83B6024>, <Addr: 0x7F68C8A7A0A2>]
>>> a.dump()

Do you have any plan to upload this to PyPI? I guess It's better to install the package via its name, rather than via its project URL/

Traceback:

File "bhop.py", line 37, in <module>
    if win32gui.GetForegroundWindow() == CSGOWindow and isIngame(clientState, CSGO) and win32api.GetAsyncKeyState(0x20) and fFlags.read('int') == 257:
  File "bhop.py", line 7, in isIngame
    if clientState.read('int') == 6:
  File "C:\Python27\lib\site-packages\memorpy\Address.py", line 44, in read
    return self.process.read(self.value, type=type, errors=errors)
  File "C:\Python27\lib\site-packages\memorpy\BaseProcess.py", line 53, in read
    return struct.unpack(s, self.read_bytes(int(address), bytes=l))[0]
struct.error: unpack requires a string argument of length 4

?

Hi, I had success reading values from a process but I would also like to use pointers and need the base address of the process I'm attached to. Is there a way to get that info?

Issue Type

[x] Bug (Typo)

Steps to Replicate and Expected Behaviour

• Examine memorpy/LinProcess.py and observe unsufficient, however expect to see insufficient.
• Examine memorpy/MemWorker.py and observe instanciate, however expect to see instantiate.
• Examine memorpy/MemWorker.py and observe custm, however expect to see custom.

Notes

Semi-automated issue generated by
https://github.com/timgates42/meticulous/blob/master/docs/NOTE.md

To avoid wasting CI processing resources a branch with the fix has been
prepared but a pull request has not yet been created. A pull request fixing
the issue can be prepared from the link below, feel free to create it or
request @timgates42 create the PR. Alternatively if the fix is undesired please
close the issue with a small comment about the reasoning.

https://github.com/timgates42/memorpy/pull/new/bugfix_typos

Thanks.

Calling Locator(MemWorker(...)).feed(...) throws error:
AttributeError: 'MemWorker' object has no attribute 'start_offset'

Hi everyone. I have read the issues and there are some people who would like to scan, read and write process memory in Python 3 language. For now, there is a solution, that is the PyMemoryEditor library. It's not so complete like the memorpy, but you can use it in Python 3, and that implements fast algorithm for scanning.

使用您写的工具,发现从pid 内存搜索字符串,要比Cheat Engine 搜索到的少很多,这是为什么

When attempting to fetch memory on mac OS like so:

from memorpy import MemWorker

application_name = "OpenEmu"

memory_worker = MemWorker(name=application_name)

search_results = [x for x in memory_worker.mem_search(36)]

I received the following consistent traceback:

Traceback (most recent call last):
  File "reader-prototype.py", line 5, in <module>
    memory_worker = MemWorker(name=application_name)
  File "/Users/milieu/Projects/read-snes/venv/lib/python2.7/site-packages/memorpy/MemWorker.py", line 35, in __init__
    self.process = Process.Process(name=name, pid=pid, debug=debug)
  File "/Users/milieu/Projects/read-snes/venv/lib/python2.7/site-packages/memorpy/OSXProcess.py", line 62, in __init__
    self.pid=OSXProcess.pid_from_name(name)
  File "/Users/milieu/Projects/read-snes/venv/lib/python2.7/site-packages/memorpy/OSXProcess.py", line 101, in pid_from_name
    if name in dic['exe']:
KeyError: 'exe'